Cryptohopper, which is a trading bot making website, has been cloned by some hackers in order to distribute malware to unsuspecting visitors and victims and steal their cryptocurrency reserves, through accessing personal information such as hot wallet login credentials.
The discovery was made by, Fumik0_, a malware researcher who noticed how the clone was injecting Trojans to steal information, alongside miners for personal benefit and a number of clipboard hijackers.
Once the clone website is accessed by the victim, it executes a programme that forces the computer to download a file. Many thought that downloading something is fine as long as it’s not opened, but the programme is self-executable, meaning that the moment it is downloaded it will start running.
The Trojan is called Vidar, which is designed to record and steal the computer owner’s personal information such as their browsing history, cookies, payment information and login credentials.
Once the information is collected it is sent over to a remote server and encrypted without even a chance of tracing it unless something goes awry.
What’s arguably most dangerous about the Trojan is that it locates whether or not the user has typed out his or her crypto wallet address at some point and replaces it for direct theft.
Needless to say, this is a very sophisticated attempt to defraud a lot of Cryptohopper customers and visitors. Until the company has figured out the problem and isolated it, it’s not recommended to visit them anytime soon.
